Wednesday, October 19, 2005

Signature War: Rootkits vs Antivirus

I mentioned this back on 10 October, but here is a bit more information on Hacker Defender, via Email Battles.

The attacker failed to update the signature file for detecting antivirus scanners. That's how F-Secure claims its BlackLight scanner intercepted Golden Hacker Defender... the rootkit. If that hadn't happened, Golden Hacker Defender would have disabled F-Secure's antivirus protection in Windows, and delivered its payload.

What payload? Whatever the attacker chose to hide beneath Golden Hacker Defender's cloak: virus, backdoor, spyware, or you-name-it. The authors of rootkits like Golden Hacker Defender couldn't care less. They just provide the software that disables antivirus scanners... which they detect much like antivirus scanners detect them: with binary signature files.

All versions of Hacker Defender test for Avast!, AVG, Kaspersky, McAfee, NOD32, Norton, Panda, and PC-cillin. Once aboard, most versions trap all your logon info... including administrative services.

F-Secure says Golden Hacker Defender's special because, unlike its open source version, Hacker Defender, it detects several commercial antivirus scanners. The creators of Golden Hacker Defender aren't as impressed. For a real antivirus killer, they recommend their top-of-the-line Brilliant Hacker Defender. What? US$695 a bit over your budget? Hacker Defender has something on the shelf to fit any blackhat's wallet.
